HBFITES Data Center, Collaboration, Security, Storage, Wireless, Telepresence Training +91-9886770046 info@hbfites.com

F5 BIG-IP ASM v11.x - F5 Configuring BIG-IP ASM v11: Application Security Manager

Description

This four-day course covers ways to manage web-based and XML application attacks and the use of Application Security Manager to defend against these attacks. The course covers installation, configuration, management, security policy building, traffic learning, and implementation of Application Security Manager in both stand-alone and modular configurations. This class includes lectures, labs, demonstrations, and discussions.

Course topics include:

  • ASM deployment types
  • Configuration backup
  • Web application security concepts
  • HTTP and HTML concepts
  • Common HTTP vulnerabilities
  • ASM-enabled HTTP classes
  • Security Policy building
  • Deployment wizard scenarios
  • Vulnerability assessment tools
  • ASM administration
  • Traffic learning
  • Parameters
  • Real Traffic Policy Builder
  • Login pages
  • Session tracking
  • Username tracking
  • Anomaly detection
  • Anti-virus protection
  • Geolocation enforcement
  • IP address exclusions
  • XML and web services protection
  • AJAX/JSON support
  • Protocol security module
  • IP address intelligence

Objectives

By course completion, the student will be able to implement and understand security policy configuration tasks and configure a security policy based on traffic learning and various security policy building techniques. Additionally, a student will be able to administer and manage Application Security Manager.

Prerequisites

Students should understand:

  • Basic HTTP and HTML concepts
  • Basic security concepts
  • Common network terminology
  • Web application terminology

In addition, students should be proficient in:

  • Basic PC operation and application skills, including use of a keyboard and mouse and of the Linux and Windows operating systems
  • Basic Web browser operation (Internet Explorer and Mozilla Firefox are used in class)

Who Should Attend

This course is intended for security and network administrators who will be responsible for the installation and day-to-day maintenance of the Application Security Manager.

Outline

Preface

  • F5 Networks
  • F5 Product Suite Overview
  • Hardware
  • Virtual Editions
  • F5 Services
  • F5 Resources and Tools

Module 1: Installation & Initial Access

  • BIG-IP ASM Overview
  • ASM Feature Set Summary
  • ASM Protection Summary
  • BIG-IP ASM Hardware Platforms
  • BIG-IP ASM Deployment Types
    • BIG-IP ASM Standalone
    • BIG-IP ASM in-line with BIG-IP LTM
    • Multiple BIG-IP ASM devices behind a BIG-IP LTM
    • BIG-IP ASM module on BIG-IP LTM
    • BIG-IP ASM Device Group
    • BIG-IP ASM Virtual Edition (VE)
  • Licensing and the Setup Utility
    • Configuration Process
    • Management Port Serial Console
    • License Administration
    • License Activation via the Configuration Utility
    • Web Configuration Utility
    • Command Line Access
  • Provisioning
  • Installation and Setup Labs
    • Lab Installation and Setup
    • Lab System Licensing
    • Lab Setup Utility
    • Lab Configuration Backup

Module 2: Web Application Concepts

    • Anatomy of a Web Application
    • Secure Sockets Layer
    • Hardened Servers
    • Network Firewalls
    • Web Application Firewalls
  • HTTP & HTML Web Page Components
    • Overview of Web Communication
    • Parsing URLs
    • HTTP Requests
    • GET Method
    • POST Method
    • HEAD Method
    • Uniform Resource Identifier
    • Query Strings
    • HTTP Version
    • HTTP Headers
    • HTTP Responses
    • HTTP Response Status Codes
    • HTML Concepts Overview
    • User Input Forms
    • Using Fiddler
      • Lab Fiddler

Module 3: Web Application Vulnerabilities

    • Web Application Vulnerabilities Overview
    • Open Web Application Security Project Top 10 (2010)
    • Injection attacks
    • Cross Site Scripting
    • Broken Authentication and Session Management
    • Insecure Direct Object References
    • Hidden Field Manipulation
    • Cross Site Request Forgery
    • Security Misconfiguration
    • Insecure Cryptographic Storage
    • Failure to Restrict URL Access
    • Insufficient Transport Layer Protection
    • Unvalidated Redirects and Forwards
    • Parameter tampering
    • Cookie Poisoning
    • Denial of Service and Distributed Denial of Service
    • Brute Force
  • Risk Mitigation and ASM
    • Lab HTTP Vulnerabilities

Module 4: ASM Configuration

    • Nodes
    • Pool Member
    • Pools
    • Pool Configuration
    • Virtual Servers
    • Network Packet Flow
    • HTTP Classes
    • HTTP Traffic Classifiers
    • HTTP Classes: Actions
    • HTTP Class Profile Configuration
    • SSL Termination/Initiation
    • Virtual Server Configuration
    • HTTP Request Flow
      • Lab Pool, HTTP Profile, and Virtual Server Configuration

Module 5: Security Policy Overview

    • Positive Security Model
    • Negative Security Model
    • Basic Security Policy Creation and Initial Configuration
    • Security Policy Name
    • Defining an Application Language
    • Application-Ready Security Policy
    • Dynamic Session ID in URL
    • Staging-Tightening Period
    • Case Sensitive Security Policy
    • Maximum HTTP Header Length
    • Maximum Cookie Header Length
    • Allowed Response Status Codes
    • Trigger ASM iRule Events
    • Trust XFF Header
    • Security Policy Components
    • File Types
    • URLs
    • Parameters
    • Methods
    • Headers
    • Cookie Processing in ASM
    • Wildcard Entities
    • Violations and Traffic Learning
    • Tightening
    • Staging
    • Requests
    • Security Policy Blocking
    • Learn, Alarm, and Block Flags
    • Blocking Response Page
      • Lab Security Policy Configuration
    • Attack Signatures
    • Attack Signature Pool
    • Attack Signature Sets
    • User-defined Attack Signatures
      • Lab User-defined Attack Signatures

Module 6: Deployment Wizard

    • Deployment Wizard
    • Rapid Deployment Scenarios
    • Data Guard
    • Rapid Deployment Methodology
      • Lab Rapid Deployment
      • Lab Data Guard
      • Lab Attack Signatures
    • Application-Ready Security Policy
    • Rapid Deployment Configuration
      • Lab Application-Ready Security Policy Lab

Module 7: Vulnerability Assessment Tools

    • Creating a new baseline policy
    • Adding a vulnerability assessment to an existing policy
    • Resolving vulnerabilities
    • WhiteHat Sentinel
    • IBM Rational AppScan
    • Cenzic Hailstorm
    • QualysGuard
      • Lab Option 1: WhiteHat Sentinel
      • Lab Option 2: Qualys
      • Lab Option 3: AppScan
      • Lab Option 4: Cenzic

Module 8: Application Visibility & Reporting

    • AVR Prerequisites
    • Analytics profile
      • Lab Analytics Profile Setup
    • Dashboard
    • Reporting Overview
    • Charts
    • PCI Compliance Reports
      • Lab PCI Compliance Reporting
    • Logs
    • Viewing Log Files
    • Logging Profiles
    • Event Correlation
    • Response Logging
      • Lab Logging messages locally and remotely
      • Lab Response logging

Module 9: Administering ASM

    • Defining partitions
    • User Management and Roles
      • Lab Partitions and User Roles
    • Modifying Security Policies
      • Lab Security Policy Modification
    • ASM Synchronization
    • Device Groups
    • qkview

Module 10: Lab Project

Module 11: Traffic Learning

    • Learning Concepts Overview
    • Learning Process Resources
    • Length Learning
    • Pattern Learning
    • Meta-Character Learning
    • RFC Violations
    • Access Violations
    • Length Violations
    • Input Violations
    • Cookie Violations
      • Lab Traffic Learning

Module 12: Parameters

    • Parameter Overview
    • Parameter Types
    • Sensitive Parameters
    • User Input Parameter Value Types
    • Static Parameter Value Types
    • Dynamic Parameter Value Types
    • Extractions
    • XML Value Types
    • JSON Value Types
    • Parameter Character Sets
    • Parameter Levels
    • Global Parameters
    • URL Parameters
    • Flow Parameters
    • Parameter Logic
      • Lab Protecting Dynamic Parameters
      • Lab Protecting Static Parameters

Module 13: Real Traffic Policy Builder

    • Real Traffic Policy Builder Configuration
    • Real Traffic Policy Builder Configuration Example
    • Real Traffic Policy Builder Policy Types
    • Automatic Policy Building Stages
    • Real Traffic Policy Builder Rules
    • Trusted and Untrusted IPs
      • Lab Automatic Security Policy Builder
      • Lab Automatic Security Policy Builder (option 2)

Module 14: Advanced Topics

    • iRules
    • iRule Syntax
    • ASM iRule Events
    • ASM iRule Commands
    • Tcl Commands
    • iRule Configuration
      • Lab iRule creation and configuration
    • Sessions and Logins
      • Lab Login URL Creation
      • Lab Session Awareness and Tracking
      • Lab Username Session Tracking
    • Anomaly Detection
    • Denial of Service Attacks
    • Brute Force Attacks
      • Lab Session-based Brute Force
    • IP Enforcer
    • Web Scraping
      • Lab Web Scraping
    • Anti-Virus Protection
    • Cross-site Request Forgery Protection
      • Lab Cookie Enforcement
    • Geolocation Enforcement
      • Lab Geolocation Enforcement
    • IP Address Exceptions
      • Lab IP Address Exception

Module 15: XML and Web Services

    • XML Concepts
    • Web Services Concepts
    • XML Profile
    • Schema and WSDL Validation
    • XML Attack Signatures
    • Web Services Security
    • Defense Configuration
    • Associating an XML Profile with a URL
    • Associating an XML Profile with a Parameter
      • Lab XML and Web Services

Module 16: AJAX and JSON Concepts

    • AJAX Overview
    • JSON Overview
    • ASM Support of AJAX/JSON
    • JSON Profile
    • Associating a JSON Profile with a URL
    • Associating a JSON Profile with a Parameter
      • Lab JSON Parsing

Module 17: Protocol Security Module

    • FTP Overview
    • FTP Security Profile Configuration
    • SMTP Protection
    • SMTP Security Profile Configuration
    • HTTP Security
    • HTTP Security Profile Configuration
    • PSM Statistics
      • Lab Protocol Security Module

Module 18: IP Address Intelligence

    • iprepd daemon
    • Licensing
    • Requirements
    • Post-license troubleshooting
    • ASM Settings
    • IP Address Whitelist
    • IP Address Intelligence categories
    • IP Address Intelligence learning

Module 19: Analytics Review & Final Project

      • Lab Analytics Review
    • Review Questions
      • Lab Configuration Lab Project 2

Appendix A (Installation Guidelines)

Appendix B (New Features for 11.2)

Appendix C Additional Topics

    • Traffic Capturing Using HttpWatch
      • Lab Using HttpWatch
    • Regular Expressions
    • Writing Rules for User-Defined Attack Signatures

Appendix D (Helpful hints)

Appendix E (Protecting a production environment)

PowerPoint Presentation Printout